Slashdot Mirror
SpamAssassin Gets a Promotion
darthcamaro writes "The folks at internetnews.com are reporting that the Spam Assassin project has been promoted to a full top level Apache Software Foundation project..the project has been in incubation for a while and it's finally made it through...the article also reveals that Apache is now using Spam Assassin themselves: 'I think spam filtering is now a critical part of the network infrastructure and Spam Assassin is a leader in the area,' said Daniel Quinlan, chairman of the Apache Spam Assassin Project Management Committee."
I need a better tool for handling mail SA has identified as spam, either server-side or client-side. I'd like to delete anything with a score > 15, simply store anything with a score > 5, and send an auto-reply for scores between 5 and 10 indicating that the message was marked as spam and I'll probably never look at it.
Procmail can do it, but please reconsider the auto-replies. What happens if I'm pissed at bob and decide to sent out 1m spams with the return address of bob@example.com? More common, what about viruses that forge headers?
I would consider auto-whitelisting instead.
Spam Assassin, while a very clever program, is as misdirected as the "Canned Spam" legislation. It has no effect on the real economics of spam: who pays for it.
Somebody is paying for the spamming, and we know exactly who it is. The URL of that organization is prominently displayed in every item of spamail. It is the advertiser.
The advertiser is right there out in the open, easy to locate. If they're not, the spam isn't doing its job, and wouldn't have been sent. And easy to locate means easy to go after, easy to sue, to fine, DoS or whatever.
Dinging the advertisers, and dinging them hard, will instantly put the spammers out of business.
Spamming can be eliminated without blocking, white lists, or anti-spoofing RFC's. Just go to where it's pointing.
To draw an [ugly, graphic] picture: a dog comes and poops on sidewalk in front of my house, and I step in it. Yelling at the dog is going to be only moderately successful, building a poop filter is difficult, messy, and leaky (as Spam Assassin demonstrates) . Following the dog's leash and fining the owner is what works.
The owner doesn't bring the dog back since s/he doesn't want to pay another fine.
No owner, no dog, no spam.
Get the owner.
Kill the spam.
Does this mean they finally have to sort out that god awfull tip of a web site then?
spam is really not a concern anymore. You mean except for bandwidth I assume.
--fetch daddy's blue fright wig, i must be handsome when i release my rage
but for an ISP to throw it away before it even gets to the intended recipient is fucking rediculous and should be illegal.
Thank Microsoft. ISPs could easily just add a header line and let the user filter on it, but Outlook Express is crippled from Outlook in that it can't match on arbitrary header lines, forcing ISPs to delete or leave alone.
I agree that SA is great client-side, which is how I use it. The problem is that it isn't plug-and-play on even *IX, and it's not trivial to set up on the client side on Windows.
May we never see th
Challenge/Response is fundamentally broken. For more information, take a look at some discussions on the topic from debian-user: here's one. There's a few google-harvested discussions on the topic too.
You're just plain lucky. It's a fact of life that at least one of your email pals will use Windows, and store your emails in an Outlook or Outlook Express mail folder. Some days later, your pal will catch a worm or virus, and this little spam helper will harvest all those addresses, including your beloved, "protected" addy.
cpghost at Cordula's Web.
We shouldn't feed the trolls (eh. ACs), but I'll bite anyway, because it's a valid argument.
You also ban all innocent bystanders than send you regular 550: no such user bounces, right? TMDA messages are exactly like bounces if you think of it. They appear automatically generated on purpose. It's a piece of cake to filter them if you dislike 'em. It's not like spam which tries to deceive you.
Now, trying not to be too caustic, backscatter is a fact of life. If you really want to avoid this completely, you have to follow a strict whitelist policy. Some people actually do this, and if you must, go ahead, block all TMDA users. It's your decision to allow/disallow users (legitimate or illegitimate), bots, or spammers to access your network. That's exactly what TMDA is all about: putting the recipient, not the sender, in control.
OTOH, it's up to TMDA's users to decide how they control their own networks. If it helps stem the spam tide (and it does extremely well!), it will be used. Sending innocent bystanders a 550: No such user or a TMDA confirmation message with a list of full headers is qualitatively the same; perhaps even better, because if you belong to some spam busters brigade, you're free to use those headers to RBL the initial offender, dynamic IP zombie or whatever.
Instead of whining about backscatter, fix SMTP or your legislation (or both). In the mean time, C/R systems are the only alternative to content-based filtering. If you combine C/R and C/B systems, you also reduce the amount of TMDA bounces. Permbanning only helps the spammers by intimidating potential TMDA users and slowing down a more widespread adoption of C/R systems (which would also dry up the spam stream substantially). But, as said, you're the recipient, and you're free to do whatever you like. It's your resources. Make good use of them.
cpghost at Cordula's Web.
That bandwidth is not spilled if you make your MTA do SMTP-REJECTs, based on the high-quality-blacklists around.